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(57) Abstract 

The present invention 
provides a mechanism for a 
payment/unlock transaction for 
deliver-then-pay content (103) 
distribution. The purchase is 
effected by interacting with a 
commerce Web site (111). The 
content is unlocked by delivering 
to the .client a certificate, which 
serves as proof of purchase. The 
certificate is rendered secure (105) 
so that it cannot be replicated to 
gain additional unauthorized access. 
Downloading and processing 
of the certificate can be done 
without user-intervention. Piracy 
is prevented by individuation" 
of the certificate. The certificate 
is generated in a unique manner 
when it Is first provided to the 
consumer. Alternatively, the first 
time a certificate is processed on 
an end-user machine (100), the 
certificate together with unique 
local machine information and/or 
user information is then presented 
back to the server for validation. 
The server can therefore control 
how many times a certificate is 
used. 
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SERVER-SIDE COMMERCE FOR 
DELIVER-TIIEN-PAY CONTENT DELIVERY 

BACKGROUND OF THE INVENTION 

5 1. Field of the Invention 

The present invention relates to deliver-then-pay distribution of electronic 
content, e.g., software, images, sounds, etc. 
2. State of the Art 

Internet commerce continues to experience explosive growth. Internet 

1 0 commerce is especially well-suited to the delivery of electronic content, e.g, 

software, images, sounds, etc. However, electronic content distribution (ESD, a 
subset of which is electronic software distribution, or ECD), poses particular 
difficulties due to attempted misappropriation, i.e., software piracy. Two different 
models of ECD are pay-then-deliver and deliver-then-pay. Related but somewhat 

15 different terms applied to ECD are "Buy-Before-You-Try" (Buy /Try) and 
"Try-Before-You-Buy" (Try/Buy), Try/Buy ECD technology, as the name 
suggests, allows a potential customer to try a piece of software (or other electronic 
content) before deciding whether or not to purchase the software. A limited trial 
period is allowed. In this instance, the piece of software (or data) has already been 

20 delivered to the consumer but is still protected (e.g. , encrypted) and needs to be 
"purchased" (rented, leased, etc.) in order to be unlocked for a longer duration 
and therefore be useful for the consumer. 

Existing Try /Buy purchase mechanisms are client-based and rely on 
capturing the consumer's credit data (e.g., credit card number, billing address) on 

25 the consumer's machine and transmitting this information to a server to validate 
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the credit data and execute the purchase transaction: The server then returns an, 
"unlock code" or "decryption key." This approach is used by a Vbox™ ECD 
product of the present assignee as well as other products within the same category 
from such vendors as TechWave, Release Software, and Ziplock. The foregoing 

5 approach, however, is inflexible. For example, typically only credit cards are 

supported. The currency is restricted to those supported in the client. Furthermore, 
absent a mechanism to allow price lookup to be done during a transaction, the 
product price must be "hard-wired" into the product before it is downloaded. 
Other ECD mechanisms have used certificates to allow a product to be 

10 downloaded. Ziplock's Zert™ certificate is fetched by the client upon completion of 
a purchase transaction. Cybersource's Sm@rtCert™ is an X.509 certificate that 
includes merchandising information and a URL that allows a product to be 
downloaded. However, both these models support only pay-then-deliver (i.e., the 
"certificate" provides the capability to download the product) and do not support 

15 Try/Buy. 

Other types of payment and delivery mechanisms, both present and future, 
may be expected to strain the capabilities of current systems. Distribution may not 
be by electronic download but may be by CD or the like, which most current 
distribution models are ill-equipped to handle. Also, a Web-based electronic wallet 
20 system is currently under development to reduce credit card fraud. The ability to 
achieve compatibility with such an electronic wallet system relatively painlessly is 
much to be desired. 

What is needed is a more flexible mechanism for effecting a 
payment/unlock transaction for deliver-then-pay content distribution. 



SUMMARY OF THE INVENTION 
The present invention, generally speaking, provides a flexible mechanism 
for effecting a payment/unlock transaction for deliver-then-pay content 



Printed from Mimosa 00/06/30 09:16:24 Page: 4 



WO 00/16229 



PCT/US99/I88S1 



distribution. Instead of interacting with a local client interface, purchase is effected 
by interacting with a commerce Web site. The content is unlocked by delivering to 
the client a certificate, which serves as proof of purchase. The certificate is 
rendered secure so that it cannot simply be replicated to gain additional 
5 unauthorized access. In a preferred embodiment, a local application (e t g., a 

stand-alone application or a browser plug-in) is present on the end-user's machine 
and is registered with the local operating system and browser to handle files of a 
particular type used for certificates. Downloading and processing of the certificate 
may therefore be done transparently, without user-intervention. Piracy is prevented 

10 by "individuation" of the certificate. If the certificate simply unlocked the product, 
then nothing would prevent that certificate from simply being moved to any 
number of other machines or used by multiple unauthorized users. To prevent this, 
certificate individuation is performed. Preferably, the certificate is generated in a 
unique maimer when it is first provided to the consumer. Alternatively, the first 

1 5 time a certificate is processed on an end-user machine, the certificate together with 
unique local machine information (such as the hard drive ID) and/or unique user 
information (e.g., biometric information such as fingerprint information, 
information from a smart card, etc.) is then presented back to the server (either the 
original server or a separate reference server) for validation. The server can 

20 therefore control how many times a certificate is used. 



BRIEF DESCRIPTION OF THE DRAWING 

The present invention may be further understood from the following 

description in conjunction with the appended drawing. In the drawing: 

Figure 1 is a block diagram of a system in which the present invention may 
25 be used; 

Figure 2 is a "buy me** screen display produced by the usage rights 
acquisition interface control of Figure 1 ; 



Printed from Mimosa 00/06/30 09:16:25 Page: 5 



WO 00/16229 



PCT/US99/18851 



-4- 



Figure 3 is a "shopping cart" screen display; 

Figure 4 is a block diagram illustrating an electronic payment transaction 
and delivery of a certificate evidencing usage rights; 

Figure 5 is a block diagram illustrating an electronic payment transaction 
5 during which binding information is uploaded from the end-user machine 

and delivery of a certificate incorporating binding information; 

Figure 6 is a block diagram illustrating tender of a serialized, unbound 
certificate, together with binding information and delivery of a certificate 
incorporating binding information; 

1 0 Figure 7 is a block diagram illustrating certificate validation processing 

options; 

Figure 8 is a block diagram showing a single-server system in which the 
present invention may be used; and 

Figure 9 is a block diagram of a multiple-server system in which the 
15 present invention may be used. 

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS 
Referring now to Figure 1, a block diagram is shown of a system in which 
the present invention may be used. An end-user machine 100 is shown as including 
a browser 101 or similar program that interfaces with a server location and enables 

20 the user to request the granting of usage rights. A digital product 103 and an 
associated protection module 105 are delivered to the end-user machine, either 
on-line, e.g., through a computer network 107 such as the Internet, or off-line, 
e.g., through a tangible medium 109 such as a computer hard drive, CD-ROM, 
etc. The protection module may take the form of code "injected" into the product 

25 for example, using techniques practised in the art or as described more folly in 

co-pending U.S. patent application (Atty. Dkt. 031994-003), incorporated 

herein by reference. The protection module may take the form of a Dynamic Link 
Library (DLL). Alternatively, the protection module may take the form of API 
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calls inserted into the original' source code of a software program. Still other types 
of protection modules will be apparent to one of ordinary skill in the art. For 
example, the protection module may be part of a Try /Buy software application or a 
plug-in for a browser or other application having a plug-in architecture. The 
5 protection module may be a program that conditionally decrypts content arid 

interfaces with off-the-shelf software (e.g., Microsoft Word™, Adobe Acrobat™, 
etc.). 

Besides the protection module, also associated with the digital product is 
commerce information 111, typically including a server location (URL). The 

10 commerce information may be stored as part of or apart from the digital product or 
protection module. The product, the protection module and the commerce 
information may be installed on or stored on the user machine together during a 
single overall operation or separately. In one embodiment, the product, the 
protection module and the commerce information are downloaded as a single 

15 installation-ready package and installed together. 

When use of the product is attempted, the protection module determines 
whether such use is authorized. In the case of Try /Buy ECD, for example, a 
30-day free trial may be allowed. The protection module displays to the user trial 
status information (e.g., 10 days remaining, 5 uses remaining, etc.). The 

20 protection module also displays a user interface control for buying additional use 
of the product (Figure 2). A purchase transaction is carried out by a commerce 
system running on the server. As part of this transaction, an off-the-shelf viewer 
such as a Web browser or a custom viewer program retrieving presentation 
information from the server displays a page such as that of Figure 3 is displayed to 

25 the user, ultimately instructing the user to click on a "Get Certificate" link having 
a particular MIME type. 

Referring more particularly to Figure 4, the protection module first 
displays a dialog to the user (Step 1). When the user activates the user interface 
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control (clicks "buy," Step 2), the following sequence of events ensues. The ". 
protection module uses the browser to access the commerce information stored on 
the user machine. The commerce information designates a server that includes 
transaction processing software and either includes or is network-connected to a 

5 certificate database. The browser is started at the server URL (Step 3), and the 
server presents to the user a Web page used to provide purchase information. The 
user completes the Web page by filling in purchase information (Step 4) and 
submits it to the server (Step 5). A purchase transaction is then carried out using 
known methods of electronic commerce. Various known security mechanisms may 

10 be used during transaction processing, e.g., Secure Socket Layer (SSL), Secure 
Electronic Transaction (SET), etc. Furthermore, payment may be effect in any 
manner supported by the server. Whereas credit cards are typically used for 
consumer transactions, other types of transactions may use purchase orders, 
corporate lines of credit, etc. If the browser supports electronic wallets, then this 

1 5 capability can automatically be taken advantage of for purchase transactions. 

Referring still to Figure 4, if transaction processing is successful, then a 
certificate is downloaded to the user machine (Step 6). The certificate may be a file 
of a specific type, for example. The certificate will typically contain a rights 
statement of some type and will be secured using a tamperproof mechanism. For 

20 example, the certificate may be encrypted such that a hacker cannot tell how to 
alter the certificate to accomplish the hacker's purpose, or the certificate may be 
signed using a digital signature such that any tampering may be readily detected. 
The rights statement may vary depending on implementation. For example, the 
rights statement may simply be the name of the digital product, purchase of the 

25 product being implied. Alternatively, the rights statement may entitle the user to 
use the digital product for a limited period of time, a limited number of uses, etc. 

At the user machine, a predetermined certificate installation module 
optionally receives and installs the certificate (Step 7). The certificate installation 
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module may be a plug-in, an Active X control, a MIME type handler, or other 
mechanism to automatically process the certificate data and may be registered with 
the browser to handle files of that specific type. The module may be the protection 
module or some other module. Alternatively, the certificate may come appended to 

5 an executable program that the user then executes. When the program executes, it 
stores the certificate in the correct place for the protection module to later find it. 
Of course, there may be no module or program provided to handle the certificate 
and store in the correct place. In this instance, the user is required to store the 
certificate in the correct place. Preferably, however, the user is shielded from this 

10 detail by one of the former mechanisms, resulting in a more pleasant user 
experience. 

The foregoing process in accordance with an exemplary embodiment may 
be summarized as follows: 

1 . The protection module ensures that a certificate installation program for 
1 5 installing the certificate is registered with the browser (i.e. , as a 

handler for certificate files as represented by a particular MIME type) 
or otherwise installs the program. 

2. The protection module launches the browser to go to the purchase 
URL. The protection module may also send to the server via the 

20 browser local information such as binding information. 

3. A purchase transaction is carried out by a commerce system running on 
the server. As part of this transaction, a Web page such as that of 
Figure 3 is displayed to the user instructing the user to click on a "Get 
Certificate" link having the particular MIME type previously 

25 mentioned. 

4. The user clicks on the link. 

5. The certificate installation program receives and installs the certificate. 
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If it is desired to prevent transfer of the certificate to another machine or 
user, "individuation" of certificates may be performed. Individuation allows 
verification to be performed prior to allowing use of the digital product. Two 
possibilities of such verification will be described hereafter. 
5 Individuation may occur prior to download of the certificate or after 

download of the certificate. Furthermore, various different kinds of individuation 
may be performed including, for example, one-step binding individuation and 
two-step binding individuation. In one-step binding, binding information 
identifying a particular machine or a particular user is sent to the server and added 

10 to the certificate, after which the certificate is digitally signed and downloaded to 
the end-user machine (Figure 5). In the case of machine binding, the binding 
information is derived from the hardware and/or software of the user machine. For 
example, hardware binding information may come from a hard disk ID, a network 
card unique ID, IDs derived from plug-in cards, processor type, and so on. In the 

15 case of user binding, the binding information may be an ID derived from a 

fingerprint, a smartcard, a user-chosen password, etc., or some combination of the 
foregoing. 

In some instances, one-step binding is problematic. In the case of user 
binding based on fingerprints, for example, the binding information may be quite 

20 large. It may be difficult to cause the browser to transport a large amount of 

binding information up to the server. Similarly, where the server functionality is 
distributed among multiple servers, it may be difficult to cause a commerce system 
to transport a large amount of information to a certificate issuer server. 

The foregoing difficulties may be overcome using two-step binding. In 

25 two-step binding, the first step involves sending a serialized certificate. Referring 
to Figure 6, the second step involves trading the serialized certificate for a bound 
certificate. To avoid a replay attack, some mechanism is required on the server 
side to keep track of which serialized certificates have been traded in this fashion. 
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A protection module, instead of connecting to the server through a browser, may 
establish a direct connection, allowing for the exchange of data of arbitrary length. 
Similarly, communication between a merchant Web site and a certificate issuer 
Web site (if separate from the merchant Web site) may be handled without 

5 involvement of the commerce system, or "storefront," of the merchant Web site. 
As has been described, certificate individuation may be performed in may 
different ways. Verification may also be performed in many different ways. 
Verification requires secure storage in order to store information needed to 
positively identify a particular certificate. Secure storage may be located on— and 

10 hence verification may be performed at— the server machine, the client machine, 
or both. Each alternative has its relative advantages and relative disadvantages. 
Server validation is most secure but also requires a large amount of central storage 
and a permanent connection of the client machine to the server. Client validation is 
less secure but does not require a large amount of central storage or permanent 

1 5 connection of the client machine to the server. A combination of server and client 
validation provides a lesser degree of security than server validation but requires 
only intermittent connection of the client machine to the server. Server validation 
and combined server/client validation may involve periodic reissuance or 
revalidation of the certificate. For example, using server validation, if a certificate 

20 gives the right for some number of uses of the digital product, then each time the 
digital product is used, the old certificate may be traded for an update certificate 
containing within the certificate itself the number of uses remaining. 

Referring to Figure 7, when the user attempts to use the product, the 
protection module looks to see whether a certificate for the product is stored on the 

25 user machine. If so, the protection module proceeds to validate the stored 

certificate, either on-line by connecting to the server through the browser or 
off-line locally. If on-line, the certificate is presented to the server. The server 
validates the certificate by checking in the certificate database whether or not the 
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particular certificate being presented has been presented previously and whether 
further presentations are allowed. An entry is updated in the certificate database 
that keeps track of the number of times the particular certificate has been 
presented. If the certificate limits are met, a message or a second certificate is sent 
5 back to the protection module on the user machine validating the certificate and 
authorizing use based on the certificate for the duration of the certificate period. If 
the server finds that the particular certificate has already been presented the 
maximum number of times (or more), then the server invalidates the certificate and 
instructs the protection module to not allow the product to be used based on the 

10 certificate. 

Validation requirement may vary from "validate once" to "validate 
always. " For example, if initial validation is successful, the protection module may 
then store an indication that the product is "paid up. " The next time use of the 
product is attempted, the protection module may allow use without checking with 

15 the server. Alternatively, validation may be required every use, every N-th use, or 
at periodic time intervals. 

It should be noted that the present invention may be used in systems having 
centralized server-side functionality and in systems having greater or lesser 
degrees of distributed server-side functionality. Referring to Figure 8, for 

20 example, a single server performs payment processing, certificate issuance and 
certificate validation. Referring to Figure 9, on the other hand, each of these 
functions is performed by a separate server. 

It will be appreciated by those of ordinary skill in the art that the invention 
can be embodied in other specific forms without departing from the spirit or 

25 essential character thereof. The presently disclosed embodiments are therefore 
considered in all respects to be illustrative and not restrictive. The scope of the 
invention is indicated by the appended claims rather than the foregoing description, 
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and all changes which come within the meaning and range of equivalents thereof 
are intended to be embraced therein. 
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What is claimed is: 

1 . A deliver-then-pay method of electronic content distribution, 
comprising the steps of; 

providing as part of a digital product a usage rights acquisition 
5 interface control and a server location for rights acquisition; 

providing on a server location presentation and business logic for 
usage rights acquisition; and 

users of the digital product using the usage rights acquisition 
interface control to activate a program that interacts with the server 
1 0 location. 



2. The method of claim 1 where said activated program is a web 
browser interacting with a web server. 

3. The method of claim 1 where said activated program interacts with 
the server location to cause the user to pay for usage rights by supplying payment 

15 information. 

4. The method of claim 1 where said activated program interacts with 
the server location to cause the user to supply a commitment to pay for usage 
rights by supplying proof of identity and commitment information. 

5. The method of claim 1 where said activated program offers the user 
20 a choice of payment currencies. 
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6. The method of claim 1 where said activated program interacts with 
the server location to cause the user to supply a proof of prior authorization for 
usage rights. 

7. The method of claim 1 where activation of said program interacting 
5 with the server location causes transmittal of local information to the server 

location without requiring user interaction. 

8. The method of claim 7 where said local information contains 
binding information related to the user's computer system. 

9. The method of claim 7 where said local information contains user 
10 identity information. 

10. The method of claim 9 where said user identity information contains 
biometric information. 

1 1 . The method of claim 9 where said user identity information contains 
smartcard information. 

15 12. The method of claim 7 where said local information contains 

payment information. 

1 3 . The method of claim 7 where said local information contains 
information on desired usage rights. 

14. The method of claim 7 where said local information contains 
20 information on existing usage rights. 
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15. The method of claim 7 where said local informatioii'contains a 1 
unique identification number. 

16. The method of claim 1, further comprising the step of the server 
location returning a usage rights certificate. 

5 17. The method of claim 16, comprising the further step of the activated 

program causing a certificate installation module that is present on the user 
machine to process said usage rights certificate. 

18. The method of claim 16, wherein the digital product inciudevS a 
protection module, the method comprising of the further step of using information 

1 0 contained in the usage rights certificate to cause the protection module to permit or 
deny usage of said digital product. 

19. The method of claim 16, wherein the server embeds individuation 
data in the certificate. 

20. The method of claim 16 where said individuation data contains 
15 binding information related to the user's computer system. 

21. The method of claim 16 where said individuation data contains user 
identity information. 

22. The method of claim 2i where said user identity information 
contains biometric information. 
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23. The method of claim 21 where said user identity information 
contains smartcard information. 

24. The method of claim 16 where said individuation data contains 
information on usage rights. 

25. The method of claim 16 where said individuation data contains a 
unique identification number. 

26. The method of claim 16, where the certificate is digitally signed. 

27. The method of claim 16, further comprising performing local 
validation of the certificate on the user's computer system based on individuation 
data and local information. 

28. The method of claim 16, further comprising establishing a network 
connection and presenting validation information to a server. 

29. The method of claim 28, wherein said validation information 
contains individuation data. 

30. The method of claim 28, wherein said validation information 
contains local information, 

31 . The method of claim 28, wherein the server performs validation of 
the validation information and returns the result of said validation. 
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32. The method of claim 28, wherein the server performs validation -of 
the validation information and upon successful validation returns a new certificate. 

33. The method of claim 32, wherein said new certificate has the same 
structure as the old certificate. 

5 34. The method of claim 32, wherein said new certificate has a different 

structure than the old certificate, 

35. The method of claim 28, wherein the server records validation 

events. 

36. the method of claim 35, wherein server validation is dependent on 
1 0 the frequency of validation events. 

37. The method of claim 35, wherein server validation is dependent on 
the user's fulfillment of payment commitment. 

38. The method of claim 27, wherein the user's computer system 
records validation events. 

15 39. The method of claim 38, wherein local validation is dependent on 

the frequency of validation events. 

40. The method of claim 28, wherein the server performs validation of 
the validation information and upon successful validation returns at least one 
additional digital product. 



Printed from Mimosa 00/06/30 09:16:38 Page: 18 



WO 00/16229 



PCT/US99/18851 



1 /8 




COMMERCE 
INFORMATION 



URL 



m 



END-USER MACHINE 



FIG-1 



SUBSTITUTE SHEET (RULE 26) 



Printed from Mimosa 00/06/30 09:16:39 Page: 19 



WO 00/16229 



PCT/US99/1885I 



2/8 



Youn Product Name- 



"Your 
welcome 
message 
here." 



'Your 
logo 
here." 



hltpV/www.y ourcompany.com 



"Your 
graphic 
image 
here." 

Your Product Name 

Version 4.0 
© 1 996-1998 Your Company Name 

Welcome to the trial version of Your Product, offered by Your Merchant. 
You have been granted a license to use this fully functional application 
for evaluation. You may purchase Your Product at any time by selecting 
the Buy Now button to the right and following the instructions. 



Buy Now 



Information 



Quit 



20 days or 15 uses remaining 



FIG. -2 



SUBSTITUTE SHEET (RULE 25) 



Printed from Mimosa 00/06/30 09:16:39 Page: 20 



WO 00/16229 



PCT/US997I8851 



3/8 



1 Your Order - Netscape- 


-tlx| 


File Edit View Insert Tools 


# <g tS& ^ !%) Q] <& [f 38 

Back Forward Reload Home Search Netscape Imaaes Print Security Stop 


N 


$ Bookmark Netstte: $ 


http://www.software.net/orders/list_order.htrn77000000D19664 M 



i ^ Find ^Customer Corporate - Download ^Shopping 
(Home ©Specials ©software ©Service © Center O Q & A O Cart 



software Onet 

THE Software Superstore 

Search for more products 



Shopping Cart 



Checkout 

Using our secure server 



If you get an error when you try to checkout you may be behind a firewall that does nci support secure 
transactions. If this happens you can use our regular server. 



Your Shopping Basket Contains 



Qty Description 



Unit Total Stock 

Price Price (as of 6 Am pacific time) 



Country Garden Spring V1.Q for 
Win 95/NT 

(32-bit Windows • ESD) 



12.99 12,99 Download j^/ 



Subtotal: $12.99 

To change a quantity, enter the new quantity above (if you have changed your mind 
about an item just change the quantity to 0). Im portant: Your chang e will not be 
seen by the system if you don't click this button Change Quantity 



Search for more products 



Checkout 

Using our secure server 



□ 



FIG. „3 



SUBSTITUTE SHEET (RULE 26) 



Printed from Mimosa 00/06/30 09:16:40 Page; 21 



WO 00/1 6229 



PCT/US99/I8851 



4/8 



COMMERCE 
SERVER 




6. COMMERCE SERVER 
RETURNS CERTIFICATE 



5. USER SUBMITS 
PURCHASE 



DIGITAL 
PRODUCT 



PROTECTION 
MODULE 



COMMERCE 
INFORMATION 



URL 




BROWSER 



CERTIFICATE 
INSTALL 
MODULE 



4. USER FILLS IN 
PURCHASE INFO. 



7. CIM RECEIVES 
AND INSTALLS 
CERTIFICATE 



END-USER MACHINE 




1. PROTECTION MODULE 
DISPLAYS DIALOG 



DIALOG 



2. USER CLICKS "BUY" 

3. BROWSER IS STARTED 
AT URL 



FIG..4 



SUBSTITUTE SHEET (RULE 26) 



Printed from Mimosa 00/06/30 09:16:41 Page: 22 



WO 00/16229 



PCT/US99/188S1 



5/8 



COMMERCE 
SERVER 



RIGHTS 



BIND 
INFO. 




DIG. 
SIG. 



DIGITAL 
PRODUCT 



PROTECTION 
MODULE 



COMMERCE 
INF ORMAT ION 



BIND 
INFO. 



1. 



BROWSER 



CERTIFICATE 
INSTALL 
MODULE 



END-USER MACHINE 



F/G._5 



SUBSTITUTE SHEET (RULE 26) 



Printed from Mimosa 00/06/30 09:16:42 Page: 23 



WO 00/16229 



PCT/US99/18851 



6/8 




SUBSTITUTE SHEET (RULE 26) 



Printed from Mimosa 00/06/30 09:16:43 Page; 24 



WO DO/16229 



PCT/US99/18851 



7/8 



UJ 

2: 

X 




L J 



SUBSTITUTE SHEET (RULE 26) 



Printed from Mimosa 00/06/30 09:16:44 Page: 25 



WO 00/16229 



PCT/US9 9/1 8851 



8/8 



CERT. 
VALIDATION 



CERT. 
ISSUANCE 



MERCHANT 
PROCESSING 



SERVER 




MERCHANT 
PROCESSING 
SERVER 



CERT. 
ISSUANCE 
SERVER 



CERT. 
VALIDATION 
SERVER 




< M INTERNET )< >■ 



FIG.-9 



SUBSTITUTE SHEET (RULE 26) 



Printed from Mimosa 00/06/30 09:16:44 Page: 26 



INTERNATIONAL SEARCH REPORT 



International application No. 
PCT/US99/18851 



A. CLASSIFICATION OF SUBJECT MATTER 

!PC(6) :G06F 19/00 

US CL :Please See Extra Sheet. 
Avoiding to International Patent Classification (IPC) or to both national classification and IPC 



a FIELDS SEARCHED 



Minimum documentation searched (classification system followed by classification symbols) 
U.S. : 705/26; 500/4; 395/186; 380/4 



Documentation searched other than minimum documentation to the extent that such documents arc included in the fields searched 



Electronic data base consuhed during the international search (name of data base and, where practicable, search terms used) 
DIALOG 



C. DOCUMENTS CONSIDERED TO BE RELEVANT 



Category* 



Citation of document, with indication, where appropriate, of the relevant passages 



Relevant to claim No. 



US 5,629,980 A (STEFTK et al) 13 May 1997, cols 3, 4, 6, 7, 9, 
11, 13-17, 22, 23 f 26, 27-32, 34, 35, 51, 60 

US 4,817,140 A (CHANDRA et al) 28 March 1989, the entire 
document. 

US 5,191,611 A (LANG) 02 March 1993, the entire document. 

US 5,267,171 A (SUZUKT et al) 30 November 1993, the entire 
document. 

US 5,499,298 A (NARASIMHALU etal) 12 March 1996, the entire 
document. 

US 5,509,070 A (SCHULL) 16 April 1996, the entire document. 



1-40 

1-40 

1-40 
1-40 

1-40 

1-40 



|"x] Further documents arc listed in the continuation of Box C, Q See patent family annex. 



Special cate^orici of I'iied dncum«tiis: 

document defining ll« general xiale rtf the art which it w* consider* i* 
to be of particular relevince 

earlier document puUliilied tni «t *fi*r the mlemauonnl filing dole 

document which may throw doubts on priority claim'*) at which ii 
cilcd lo establish t|i« pvldiulton date of another citation or other 
»pc«ii»l rvMOit *yeeiTi<d) 

lineament ftfertilJf to an oral disclosure. Hit, exhibition or oDk* 
means 

document pub tittie J prior ia the tnlcrnalional filing dale but later than 
the priority dm< chimed 



later document publiilhut after Uk micriwilioiKil filing dale or priority 
4ut and tiot in conflict with Uic application bin cited to understand 
di* principle or theory underlying Oie invention 

document of particular relevance, the claimed invention caiuioi be 
considered novel or cannot be considered to involve Ait invemiirc step 
wh«n the docvmentu taken •lone 

document ©I" particular relevancy die claimed invention emwol be 
conttd«r*d to involve an inventive itep when llw document U 
combined wiUi on* or more ollwr luch documents, ntch combination 
being ohvioiu to » person ikillcd tn the art 

document member of ihc lame pateni family 



Date of the actual completion of the international search 
07 DECEMBER 1999 



Name and mailing address of the ISA/US 
Commissioner gf r*aieiils and Trademarks 
Itos PCT 

Washington. IXC. 2023 1 
Facsimile No. (703) 305*3230 



Date of mailing of the international search report 



01 FEB 2000 



Authorized officer 

ALLENMACDONi^ /j? 
Telephone No, (70?) 305*9708 



Form PCT7ISA/210 (second sheet)(july 1992)* 



Printed from Mimosa 00/06/30 09:16:45 Page: 27 



INTERNATIONAL SEARCH REPORT 



International application No. 
PCT/US99/I8851 



C (Continuation). DOCUMENTS CONSIDERED TO BE RELEVANT 



Category* Citation of document, with indication, where appropriate, of the relevant passages Relevant to claim No. 



AJP 



A,P 



US 5,634,012 A (STEFIK et al) 27 May 1997, the entire 
document. 

US 5,638,443 A (STEFIK et al) 10 June 1997, the entire 
document. 

US 5,715,403 A (STEFTK) 03 February 1998, the entire document. 



US 5,883,954 A (RONNING) 16 March 1999, the entire document 



US 5,883,955 A (RONNING) 16 March 1999, the entire document. 



US 5,903,880 A (B1FFAR) 1 1 May 1999, the entire document. 



1*40 



1-40 



1-40 



1-40 



1-40 



1-40 



Form PCT/1SA/210 {continuation of second sheeL)(July 1992)* 



Printed from Mimosa 00/06/30 09:16:46 Page: 28 



INTERNATIONAL SEARCH REPORT 


International application No. 




PCT/US99/ 18851 



A. CLASSIFICATION OF SUBJECT MATTER: 
US CL : 

705/26; 500/4; 395/186; 380/4 



Form PCT/ISA/210 (extra sheei)(July 1992)* 



Printed from Mimosa 00/06/30 09:16:47 Page: 29 



iiiniiiininHiH 

ADOCPHOEMK 



X 



5 



o 



INCOMING 

ACPA 



Continuing Prosecution Application 

AP.B 

Appeal Brief 

C680 



Request for Corrected Notice/Allowance 

cad 

Change of Address 

CFILE 



Request for Corrected Filling Receipt 

COCIN 

Papers filed re Certificate of Corrections 

CRFD 

Computer Readable Form Defective 

CRFE 

Computer Readable Form 'ENTERED' 

EABN 

Request for Express Abandonment 

ELC. . 

Response to Election/Restriction 

1FEE 

Issue Fee Transmittal PTOL 85 B 

IRFND 

Refund Request 

_____ L_RIN 

Any Incoming to L&R 

N417 



Copy of EFS Receipt Acknowledgement 

N/AP 

Notice of Appeal 

PA.. 



Change in Power of Attorney 

PC/I 



Power to Make Copies or to Inspect 

PEF. 

Pre-Exam Formalities Response 

PEFRREISS 



Pre-Exam Formalities Reissue Response 

_ PEFRSEQ 

Pre-Exam Formalities Sequence Reply 



INCOMING 




PGEA 



Req Express Aband to avoid Publication 

PGA9 

Req for Corrected Pat App Publication 

_ PGREF 

Req for Refund of Publication Fee Paid 

PROTEST 

Protest Documents Filed by 3" Party 

PROTRANS 

Translation of Provisional in Nonprovionl 

REM 

Applicant Remarks in Amendment 

_RESC 

Rescind Non-Publication Request 
RETMAIL 

Mailed Returned by Post Office 

XT/ 8 

Extension of Time filed separate 



371 P 



PCT Papers in a 371 Application 

A. 

Amendment Including Elections 

A. ME 

After Final Amendment 

A.PE 

Preliminary Amendment 

ABST 



Abstract 

ADS 

Application Data Sheet 

AF/D 

Affidavit or Exhibit Received 

APPENDIX. 

Appendix 



APPL PARTS 

ARTIFACT. 



Artifact 



CLM 



Claim 



COMPUTER. 



Computer Program Listing 

CRFL 

CRF Transfer Request 

CRFS 

Computer Readable Form Statement 

DIST 

Terminal Disclaimer Filed 
DRW 



Drawings 

FOR 

Foreign Reference 

FRPR 

Foreign Priority Papers 

IDS ' 

IDS Including 1449 

_NPL 

Non-Patent Literature 

OATH 

Oath or Declaration 

PET. . 

Petition 

_PGPUB DRAWIMGS_ 

Box PG Pub Drawings 

SEQLIST 



Sequence Listing 

SPEC 

Specification 



SPEC HO 



Specification Not in English 



6/26/0.1 



